Security News

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud. "Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions."

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Developed by Microsoft, it's a cloud-based automation service that allows users to automate the creation, deployment, monitoring, and maintenance of resources in Azure.

That's why we've partnered with the Microsoft Azure team to test CIS Hardened Images for Linux using Azure Monitor Agent. For context, Azure Monitor is a service that helps you evaluate the availability and performance of your applications and services in Microsoft Azure.

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.

Microsoft has unveiled Azure Update Manager, a SaaS tool tailored for enterprise clients to simplify the software update management process across different platforms. This tool represents an enhancement over the previous Azure Automation Update management solution. It empowers IT professionals to oversee software updates on Windows and Linux systems across Azure, on-premises, and multi-cloud settings.Azure Update Manager offers a suite of functionalities to IT administrators, enabling them to monitor the update compliance of their machines, whether they're based in Azure, on-premises, or other cloud infrastructures. Critical updates can be immediately deployed, ensuring systems remain secure. The tool also provides the capability to manage extended security updates for Azure Arc-enabled virtual machines. Furthermore, administrators have the option to schedule regular patching, determining specific time frames for the rollout of updates and system reboots.

An inside look at NetSPI's impressive Breach and Attack Simulation platformIn this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation platform and discusses how it offers unique features - from customizable procedures to advanced plays - that help organizations maximize their ROI. How companies can take control of their cybersecurityIn this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. Critical Trend Micro vulnerability exploited in the wildTrend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.

Here's a list of free Azure cybersecurity resources that Microsoft offers to anyone interested in learning. Prepare for cloud security by using the Microsoft Cloud Adoption Framework for Azure.

Microsoft has patched a vulnerability that exposed 38TB of private data from its AI research division. The repository held 38TB of private data, secrets, private keys, passwords and the open-source AI training data.

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data while contributing open-source AI learning models to a public GitHub repository. Microsoft linked the data exposure to using an excessively permissive Shared Access Signature token.

The BlackCat ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage. In total, the ransomware operators could encrypt 39 Azure Storage accounts successfully.